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1 This action is in response to the communication filed on 9/22/2009. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicant's arguments filed 9/22/2009 have been fully considered but they are not 

5 persuasive. 

6 The arguments pertaining to the amendments made to the independent claims are moot in 

7 view of the new grounds of rejection presented below. 

8 The following has been repeated from previous office actions as the applicants have 

9 maintained the arguments from previous communications. 

10 Regarding the applicants' argument that the header of the packet of Gupta does not 



1 1 contain "all" of the generated validity information necessary to perform the validity check, the 

12 examiner still does not find this argument persuasive. The applicants' use the language "all 

13 necessary information required for performing a validity check" throughout the specification. In 

14 order to remain consistent with the specification, the examiner has looked to the instant 

15 specification in order to interpret the usage of this language, for the purposes of searching and 

16 applying prior art. The specification provides evidence that this limitation means "all necessary 

17 information required for performing a validity check without the checking entity needing to 

18 further communicate with the sending network node", as the specification clearly shows that 

19 the checking node does not require further communication with the sending node in order to 

20 perform the validity checking, but that the checking entity may need to receive additional 

21 information from somewhere (i.e. a certificate authority) in order to perform the validity 

22 checking. As such, if Gupta disclosed that the key was retrieved from the DNS server, or that 
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1 the algorithm to perform the verification was known by the verifier, this would still fall within 

2 the scope of the language, in light of the specification. Therefore, the examiner does not find the 

3 argument persuasive. 

4 Regarding the applicants' argument that Gupta does not disclose that "no pre-established 

5 security association is needed to verify the packet" because the sender has the key before the 

6 verification is performed, the examiner does not find the argument persuasive. The instant 

7 specification paragraph 0054 further states, with regards to the lack of pre-established security 

8 association, that "the nodes do not need to have any pre-established [security association], or 

9 have to exchange key values beforehand". The fact that the keys were generated before the 

10 fingerprint is encrypted at the sender does not mean there was a pre-established security 

1 1 association between the communicating nodes. In fact, Fig. 7 of Gupta shows that the recipient 

12 node does not necessarily have the key before the communication. Furthermore, the instant 

13 specification paragraph 0004 indicates that a security association is part of IPSec, but Gupta does 

14 not disclose the use of IPSec, and that the security association is "a set of policy and key(s) used 

15 to protect information". Gupta does not disclose such security association existing before the 

16 communication. As such, the examiner does not find the argument persuasive. 

17 Regarding the applicants' argument, with respect to previous claim 5 which is now 

1 8 incorporated into the independent claims, that Gupta did not disclose wherein the algorithm 

19 information comprises values to initialize an algorithm to be used to perform the validity check 

20 of the packet, the examiner does not find the argument persuasive. The applicants appear to 

21 believe that the claim language requires that the algorithm itself or an indication of what 

22 algorithm should be used be included in the validity information. However, this is not the case. 
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1 Rather, the claim language requires that values to initialize an algorithm be included in the 

2 validity information. To initialize is to assign an initial value. In other words, the claim 

3 requires that an initial value be input to the algorithm. Col. 7 Paragraph 2 clearly shows that the 

4 encrypted signature is decrypted. In order for this to occur, the encrypted signature must 

5 "initialize" the decryption algorithm. As such, the examiner does not find the argument 

6 persuasive. 

7 Further, rather than claiming what the invention is not, the examiner suggests that the 

8 applicants carefully consider the meets and bounds of their invention, and then carefully 

9 construct positive claim limitations which accurately define that scope. For example, if the 

10 applicants believe that it is important to their invention that the algorithm and key used for 

1 1 verification is provided in the header of the packet, then the applicants should particularly point 

12 that out in the claim language. 



13 All objections and rejections not set forth below have been withdrawn. 

14 Claims 1,2,4, 1 1-15, 1 8,42,43,50-56,59,60,62-64 and 66-68 have been examined. 

15 Claim Objections 

16 Claim 62 is objected to because it has not been listed in the claim listing. However, in 

17 order to not increase the pendency of this application, the examiner will use the previous version 

18 of claim 62 in examining the claims. Appropriate correction is required. 

1 9 Claim Rejections - 35 USC §101 

20 35 U.S.C. 101 reads as follows: 

2 1 Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 

22 any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 

23 requirements of this title. 

24 
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1 Claims 66-68 are rejected under 35 U.S.C. 101 because the claimed invention is directed 

2 to non-statutory subject matter. The claims are directed towards "a computer program 

3 configured to operate on a computer readable storage medium, that when executed controls a 

4 processor to perform:". As such, the claims are actually only directed towards the computer 

5 program per se and not the medium. A computer program per se does not fall within one of the 

6 four statutory categories of invention, and therefore the claims are rejected for failing to meet the 

7 requirements of 35 USC 101. 

8 Claim Rejections - 35 USC § 103 

9 Claims 1-2, 15,18, 42-43, 54-56, 59-60, and 62-64, and 66-68 are rejected under 35 

10 U.S.C. 103(a) as being unpatentable over Gupta et al. (US Patent Number 6,389,532) hereinafter 

1 1 referred to as Gupta, and further in view of Mitreuter et al. (US Patent Application Publication 

12 20030033375) hereinafter referred to as Mitreuter. 

13 Regarding claims 1 and 66, Gupta disclosed a method (See Gupta Fig. 1 Element 104, 

14 108 or 1 12), comprising the steps of: generating validity information for a packet (See Gupta 

15 Figs. 5-6 and Col. 6 Paragraphs 2-4), wherein the validity information comprises all necessary 

16 information required to perform a validity check of the packet (See Gupta Fig 7 and Col. 6 

17 Paragraph 5 - Col. 7 Paragraph 2); the validity information comprising algorithm information to 

18 be used for performing the validity check of the packet and no pre-established security 

19 association is needed to verify the packet and algorithm initialization information(See Gupta Fig. 

20 3 and Col. 6 Paragraphs 3-4); generating a packet header (302), comprising the validity 

21 information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4) ; and sending the packet including the 

22 packet header from a first network node to a second network node (See Gupta Col. 6 Paragraph 
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1 4), but Gupta failed to specifically teach the validity information further comprising public key 

2 information of a sending node comprising one of the public key of the sending node or an 

3 identity of an entity from which the public key of the sending node can be obtained. 

4 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

5 key of the sender can be included in the packet header in order to allow the packet signature to 

6 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

7 It would have been obvious to the ordinary person skilled in the art at the time of 

8 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

9 by included the public key used to verify the packet signature in the packet header. This would 

10 have been obvious because the ordinary person skilled in the art would have been motivated to 

1 1 allow any recipient of the packet to readily verify the signature of the packet. 

12 Regarding claim 18, Gupta disclosed an apparatus comprising: validity information 

13 generating means for generating validity information for a packet (See Gupta Figs. 5-6 and Col. 

14 6 Paragraphs 2-4); packet header generating means for generating a header for the packet, 

15 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and sending 

16 means for sending the packet including the header to a receiving network node (See Gupta Col. 6 

17 Paragraph 4), wherein the validity information comprises all necessary information required for 

1 8 performing a validity check of the packet and no pre-established security association is needed to 

19 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2) and the validity 

20 information comprises algorithm information to be used for performing the validity check of the 

21 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 

22 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 
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1 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example), but Gupta 

2 failed to specifically teach the validity information further comprising public key information of 

3 a sending node comprising one of the public key of the sending node or an identity of an entity 

4 from which the public key of the sending node can be obtained. 

5 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

6 key of the sender can be included in the packet header in order to allow the packet signature to 

7 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

8 It would have been obvious to the ordinary person skilled in the art at the time of 

9 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

10 by included the public key used to verify the packet signature in the packet header. This would 

1 1 have been obvious because the ordinary person skilled in the art would have been motivated to 

12 allow any recipient of the packet to readily verify the signature of the packet. 

13 Regarding claim 42, Gupta disclosed an apparatus, comprising: a validity information 

14 generator configured to generate validity information for a packet (Sec Gupta Figs. 5-6 and Col. 

15 6 Paragraphs 2-4); a packet header generator configured to generate a header for the packet, 

16 comprising the validity information (See Gupta Fig. 3 and Col. 6 Paragraphs 3-4); and a 

17 transmitter configured to send the packet including the header to a receiving network node (See 

18 Gupta Col. 6 Paragraph 4), wherein the validity information comprises all necessary information 

19 required to perform a validity check of the packet and no pre-established security association is 

20 needed to verify the packet, and the validity information comprises algorithm information to be 

21 used to perform the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

22 Paragraph 2), wherein the algorithm information comprises values to initialize an algorithm to be 
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1 used to perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3-4, the data, the 

2 key index, the signature, or the fingerprint, for example), but Gupta failed to specifically teach 

3 the validity information further comprising public key information of a sending node comprising 

4 one of the public key of the sending node or an identity of an entity from which the public key of 

5 the sending node can be obtained. 

6 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

7 key of the sender can be included in the packet header in order to allow the packet signature to 

8 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

9 It would have been obvious to the ordinary person skilled in the art at the time of 

1 0 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

11 by included the public key used to verify the packet signature in the packet header. This would 

12 have been obvious because the ordinary person skilled in the art would have been motivated to 

13 allow any recipient of the packet to readily verify the signature of the packet. 

14 Regarding claim 55, Gupta disclosed an apparatus, comprising: a receiver configured to 

15 receive packets from a sending network node (See Gupta Fig. 1 Element 108, Fig. 7 and Col. 6 

16 Paragraph 5); and a checker configured to perform a validity check of a packet by referring to 

17 validity information contained in a header of the packet and no pre-established security 

18 association is needed to verify the packet (See Gupta Fig. 7 and Col. 7 Paragraph 2), wherein the 

19 validity information comprises all necessary information required to perform the validity check 

20 of the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

21 information comprises algorithm information to be used to perform the validity check of the 

22 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 
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1 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

2 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example), but Gupta 

3 failed to specifically teach the validity information further comprising public key information of 

4 a sending node comprising one of the public key of the sending node or an identity of an entity 

5 from which the public key of the sending node can be obtained. 

6 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

7 key of the sender can be included in the packet header in order to allow the packet signature to 

8 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

9 It would have been obvious to the ordinary person skilled in the art at the time of 

1 0 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

11 by included the public key used to verify the packet signature in the packet header. This would 

12 have been obvious because the ordinary person skilled in the art would have been motivated to 

13 allow any recipient of the packet to readily verify the signature of the packet. 

14 Regarding claim 59, Gupta disclosed an apparatus, comprising: a transmitter configured 

15 to forward packets from a sending network node to a receiving network node (See Gupta Fig. 7 

16 and Col. 6 Paragraph 5); and a checker configured to perform a validity check of a packet by 

17 referring to validity information contained in a header of the packet (See Gupta Fig. 7 and Col. 7 

1 8 Paragraph 2), wherein the validity information comprises all necessary information required to 

19 perform a validity check of the packet and no pre-established security association is needed to 

20 verify the packet (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2), and the validity 

21 information comprises algorithm information to be used to perform the validity check of the 

22 packet (See Gupta Col. 6 Paragraphs 3-4), wherein the algorithm information comprises values 
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1 to initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 

2 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example), but Gupta 

3 failed to specifically teach the validity information further comprising public key information of 

4 a sending node comprising one of the public key of the sending node or an identity of an entity 

5 from which the public key of the sending node can be obtained. 

6 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

7 key of the sender can be included in the packet header in order to allow the packet signature to 

8 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

9 It would have been obvious to the ordinary person skilled in the art at the time of 

1 0 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

11 by included the public key used to verify the packet signature in the packet header. This would 

12 have been obvious because the ordinary person skilled in the art would have been motivated to 

13 allow any recipient of the packet to readily verify the signature of the packet. 

14 Regarding claims 63 and 67, Gupta disclosed a method comprising: receiving packets 

15 (See Gupta Fig 7 and Col. 6 Paragraph 5 - Col. 7 Paragraph 2); and performing a validity check 

16 of a packet by referring to validity information contained in a header of the packet (See Gupta 

17 Fig. 7 and Col. 7 Paragraph 2), wherein the validity information comprises all necessary 

1 8 information required for performing the validity check of the packet and no pre-established 

19 security association is needed to verify the packet, the validity information comprising algorithm 

20 information to be used for performing the validity check of the packet (See Gupta Fig 7 and Col. 

21 6 Paragraph 3 - Col. 7 Paragraph 2), wherein the algorithm information comprises values to 

22 initialize an algorithm to be used to perform the validity check of the packet (See Gupta Col. 6 
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1 Paragraphs 3-4, the data, the key index, the signature, or the fingerprint, for example), but Gupta 

2 failed to specifically teach the validity information further comprising public key information of 

3 a sending node comprising one of the public key of the sending node or an identity of an entity 

4 from which the public key of the sending node can be obtained. 

5 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

6 key of the sender can be included in the packet header in order to allow the packet signature to 

7 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

8 It would have been obvious to the ordinary person skilled in the art at the time of 

9 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

10 by included the public key used to verify the packet signature in the packet header. This would 

1 1 have been obvious because the ordinary person skilled in the art would have been motivated to 

12 allow any recipient of the packet to readily verify the signature of the packet. 

13 Regarding claims 64 and 68, Gupta disclosed a method comprising: forwarding received 

14 packets (Gupta Col. 7 Paragraph 2); and performing means for performing a validity check of a 

15 packet by referring to validity information contained in a header of the packet (Gupta Col. 7 

16 Paragraph 2), wherein the validity information comprises all necessary information required for 

17 performing a validity check of the packet and no pre-established security association is needed to 

1 8 verify the packet, the validity information comprising algorithm information to be used for 

19 performing the validity check of the packet (See Gupta Fig 7 and Col. 6 Paragraph 3 - Col. 7 

20 Paragraph 2), wherein the algorithm information comprises values to initialize an algorithm to be 

21 used to perform the validity check of the packet (See Gupta Col. 6 Paragraphs 3-4, the data, the 

22 key index, the signature, or the fingerprint, for example), but Gupta failed to specifically teach 
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1 the validity information further comprising public key information of a sending node comprising 

2 one of the public key of the sending node or an identity of an entity from which the public key of 

3 the sending node can be obtained. 

4 Mitreuter teaches that in an analogous art for generating and signing packets, the public 

5 key of the sender can be included in the packet header in order to allow the packet signature to 

6 be readily verified by the recipient of the packet (Mitreuter Paragraph 0037). 

7 It would have been obvious to the ordinary person skilled in the art at the time of 



8 invention to have employed the teachings of Mitreuter in the packet verification system of Gupta 

9 by included the public key used to verify the packet signature in the packet header. This would 

10 have been obvious because the ordinary person skilled in the art would have been motivated to 

1 1 allow any recipient of the packet to readily verify the signature of the packet. 



12 Regarding claims 2, 43, 56 and 60, Gupta and Mitreuter disclosed that the generating of 

13 the validity information comprises generating security information indicating security services 

14 applied to the packet (See Gupta Col. 5 Paragraph 7). 

15 Regarding claim 62, Gupta and Mitreuter disclosed that the generating of the validity 

16 information comprises generating public key information of a sending node (See Mitreuter 

17 Paragraph 0037). 

18 Regarding claim 15 and 54, Gupta and Mitreuter disclosed signing the packet using a 

19 private key corresponding to the public key indicated by the validity information in the packet 

20 header in a sending network node (See Gupta Col. 6 Paragraph 4 and Mitreuter Paragraph 0037). 
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1 Claims 4, 12-14, and 51-53 are rejected under 35 U.S.C. 103(a) as being unpatentable 

2 over Gupta and Mitreuter as applied to claims 1 and 42 above, and further in view of Naudus 

3 (US Patent Number 6,202,08 1). 

4 Regarding claims 12-14, and 51-53, Gupta and Mitreuter disclosed validation of packets, 

5 but failed to disclose that the step of generating the validity information comprises generating an 

6 information item for preventing replay attacks. 

7 Naudus teaches that in a packet filtering system, packets should include timestamps in 



8 order to prevent replay attacks. Naudus further teaches that "[rjeplay attacks occur when a 

9 malicious user gains access to a router or other network device on a computer network that is 

10 forwarding data packets. Legitimate data packets are intercepted and then re-sent at a later time 

11 to allow the malicious user to appear as a legitimate user. A firewall helps prevent replay attacks 

12 by checking a time-stamp in the data packet that prevents the data packets from being re-sent at a 

13 later time." (See Naudus Col. 2 Paragraph 4). 

14 It would have been obvious to the ordinary person skilled in the art at the time of 

15 invention to employ the teachings of Naudus in the packet validity checking system of Gupta and 

16 Mitreuter by including a timestamp in each packet and verifying the timestamp at the validity 

17 checker. This would have been obvious because the ordinary person skilled in the art would 

1 8 have been motivated to prevent replay attacks in the network. In this combination, the inclusion 

19 of a timestamp in each packet, in itself, is an indication of a procedure to be used for anti replay 

20 attacks. 

21 Regarding claim 4, Gupta and Mitreuter did not specifically teach that the step of 

22 generating the algorithm information comprises generating the algorithm information which 



Application/Control Number: 10/721,504 Page 14 

Art Unit: 2431 

1 indicates an algorithm to be used for performing the validity check of the packet. However, as 

2 taught by Naudus, in Col. 6 Line 60 - Col. 7 Line 7, it is well known to include in the packet 

3 header, an identification of which algorithm was used to sign the packet. As such, it would have 

4 been obvious to have included this information within the packet. Furthermore, the ordinary 

5 person skilled in the art at the time of invention would have recognized that this would allow for 

6 the user of a multiplicity of signature algorithms, as well as allowing updating of the signature 

7 algorithms in the future, and therefore it would have been obvious to have included an indication 

8 of the signature algorithm in the packet. 

9 Claims 11, and 50 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gupta 

10 and Mitreuter as applied to claims 6 and 23 above, and further in view of Nikander (US Patent 

11 Number 7,155,500). 

12 Gupta and Mitreuter disclosed including public key information within the packets, 

13 including the public key itself within the packets, but failed to specifically disclose that the step 

14 of generating the public key information comprises generating public key verification 

15 information indicating information in order to verify that the public key actually belongs to the 

16 sending node. Gupta did disclose that the public and private key pairs can be generated and 

17 stored in a certification server (See Col. 4 Paragraph 2). 

1 8 Nikander teaches that by including the certificate of the public key, the receiving host can 

19 verify that the public key is truly owned by the sender (See Nikander Col. 10 Line 50 - Col. 12 

20 Line 9). 

2 1 It would have been obvious to the ordinary person skilled in the art at the time of 

22 invention to employ the teachings of Nikander in the packet verification system of Gupta and 
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1 Mitreuter by including the public key certificate within each packet and verifying that the sender 

2 of each packet owned the public key used to sign the packet. This would have been obvious 

3 because the ordinary person skilled in the art would have been motivated to ensure that a 

4 malicious node was not claiming to be a different node. 

5 Conclusion 

6 Claims 1.2.4.11-15.18.42.43.50-56.59. 60. 62-64 and 66-68 have been rejected. 

7 Any inquiry concerning this communication or earlier communications from the 

8 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

9 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

10 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

1 1 supervisor, William Korzuch can be reached on (571)272-7589. The fax phone number for the 

12 organization where this application or proceeding is assigned is 571-273-8300. 

13 Information regarding the status of an application may be obtained from the Patent 

14 Application Information Retrieval (PAIR) system. Status information for published applications 

15 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

16 applications is available through Private PAIR only. For more information about the PAIR 

17 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

18 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

19 like assistance from a USPTO Customer Service Representative or access to the automated 

20 information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



21 
22 
23 



/Matthew T Henning/ 

Primary Examiner, Art Unit 243 1 
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